CVE-2024-10585
- EPSS 1.24%
- Veröffentlicht 08.01.2025 06:15:15
- Zuletzt bearbeitet 26.02.2025 18:25:29
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .t...
CVE-2023-6565
- EPSS 0.91%
- Veröffentlicht 29.02.2024 01:42:39
- Zuletzt bearbeitet 25.02.2025 22:54:36
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data f...
CVE-2023-2916
- EPSS 29.5%
- Veröffentlicht 15.08.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:33
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to ...
CVE-2016-15004
- EPSS 1.58%
- Veröffentlicht 23.07.2022 07:15:07
- Zuletzt bearbeitet 21.11.2024 02:45:28
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to ...
CVE-2020-8772
- EPSS 93.61%
- Veröffentlicht 06.02.2020 17:15:15
- Zuletzt bearbeitet 21.11.2024 05:39:24
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.